An attacker can create a script file (i.e., an automated program) that tries each password in a list; when one matches, the attacker gains access to the system. The most popular online attack is the man-in-the-middle (MITM) attack, also termed a "bucket-brigade attack" or sometimes a "Janus attack." It is a form of active eavesdropping in which the attacker establishes a connection between a victim and the server to which the victim is connected. When a victim client connects to the fraudulent server, the MITM server intercepts the call, hashes the password and passes the connection to the victim server. This type of attack is used to obtain passwords for e-mail accounts on public websites such as Yahoo, Hotmail and Gmail, and can also be used to get passwords for financial websites when the attacker wants to gain access to banking websites.
Offline attacks are mostly performed from a location other than the target (i.e., either a computer system or the network) where these passwords reside or are used. Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media. The different types of offline password attacks are described in the table below.
| Type of Attack | Description | Example of a Password |
|---|---|---|
| Dictionary Attack | Attempts to match all the words from the dictionary to get the password | Administrator |
| Hybrid Attack | Substitutes numbers and symbols to get the password | Administrator |
| Brute Force Attack | Attempts all possible permutations and combinations of letters, numbers and special characters | [email protected] |
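
A defender-side password check that follows the table above, as an added example that is not part of the original text: it reports which of the three attack classes would reach a given password first, so weak choices can be rejected when they are set. The wordlist, the substitution map and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real policy check would load a
# large list of common and previously breached passwords.
WORDLIST = {"administrator", "password", "welcome", "letmein"}

# Small illustrative map of digit/symbol substitutions back to letters.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
AFFIXES = string.digits + string.punctuation


def classify(candidate: str) -> str:
    """Return the attack class from the table that would find this password."""
    lowered = candidate.lower()
    if lowered in WORDLIST:
        return "dictionary"
    # Hybrid: a dictionary word with substituted characters and/or digits and
    # symbols added at either end.
    variants = {lowered.translate(SUBSTITUTIONS),
                lowered.strip(AFFIXES).translate(SUBSTITUTIONS)}
    if variants & WORDLIST:
        return "hybrid"
    return "brute-force"


def keyspace_bits(candidate: str) -> float:
    """Upper bound on brute-force search space, in bits, for this length and
    character mix. Only meaningful when classify() returns 'brute-force'."""
    size = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in candidate):
            size += len(charset)
    if size == 0:  # empty, or only characters outside the four classes
        return 0.0
    return len(candidate) * math.log2(size)


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Administrator", "Adm1n1strat0r!", "xK9#qLm2vT"):
        print(f"{pw!r}: {classify(pw)}, <= {keyspace_bits(pw):.1f} bits")
```

A password classified as "dictionary" or "hybrid" should be rejected regardless of its length or character mix, because the bit estimate assumes every character was chosen at random.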